Systems and methods for managing directory harvest attacks via electronic messages

US 7,958,187 B2
Filed: 05/03/2006
Issued: 06/07/2011
Est. Priority Date: 02/19/2003
Status: Active Grant

First Claim

Patent Images

1. A method of managing the transmission of electronic messages from sending mail servers to destination mail servers, the method comprising:

receiving, at a computer-server-implemented message management system located on a first network and interposed between the sending and destination mail servers, a plurality of delivery attempts of electronic messages from a sending mail server to a destination mail server before the plurality of delivery attempts are received at a second network having the destination mail server, wherein the second network is different from the first network;

detecting a number of the plurality of delivery attempts unsuccessfully made to invalid destination addresses associated with the destination mail server; and

refusing an SMTP connection attempt from the sending mail server using the message management system and based at least in part on the detected number of delivery attempts unsuccessfully made to the invalid destination addresses.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides an electronic message management system (EMS) that includes a real-time feedback loop where data is collected from the electronic messages on incoming connection attempts, outgoing delivery attempts, and message content analysis, and written to a centralized data matrix. A separate process accesses the data matrix and analyzes trends in that data. The detected data patterns, trends or behavior is based on configuration parameters for the recipient. Based on these determinations, the process is able to instruct components in the EMS to accept, redirect, refuse, modify, defer, or otherwise dispose of the connection request, the delivery attempt, or the message. Associated methods for managing the transmission of electronic messages are also disclosed.

92 Citations

View as Search Results

34 Claims

1. A method of managing the transmission of electronic messages from sending mail servers to destination mail servers, the method comprising:
- receiving, at a computer-server-implemented message management system located on a first network and interposed between the sending and destination mail servers, a plurality of delivery attempts of electronic messages from a sending mail server to a destination mail server before the plurality of delivery attempts are received at a second network having the destination mail server, wherein the second network is different from the first network;
  
  detecting a number of the plurality of delivery attempts unsuccessfully made to invalid destination addresses associated with the destination mail server; and
  
  refusing an SMTP connection attempt from the sending mail server using the message management system and based at least in part on the detected number of delivery attempts unsuccessfully made to the invalid destination addresses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 29, 30, 31)
- - 2. A method according to claim 1, wherein detecting comprises determining that the number of the plurality of delivery attempts made to invalid destination addresses compared to the number of delivery attempts made to valid addresses associated with the destination mail server exceeds a predetermined threshold.
  - 3. A method according to claim 1, wherein refusing a connection from the sending mail comprises extracting source data associated with the sending mail server.
  - 4. A method according to claim 3, wherein refusing a connection from the sending mail further comprises extracting the source data from at least one of the electronic messages attempted for delivery to an invalid destination address.
  - 5. A method according to claim 4, wherein the source data comprises the source IP address of the sending mail server.
  - 6. A method according to claim 4, wherein the source data comprises domain data based on the sending mail server.
  - 7. A method according to claim 1, further comprising:
    - storing the detected number of the plurality of delivery attempts made to invalid destination addresses in a data structure; and
      
      managing the transmission of the electronic messages using at least information stored in the data structure to determine which messages are likely solicited and unsolicited by intended recipients.
  - 8. A method according to claim 1, wherein the detected number of the plurality of delivery attempts made to invalid destination addresses comprises metadata.
  - 9. A method according to claim 7, wherein the data structure comprises a data table mapping source data for the plurality of electronic messages against destination data for the plurality of electronic messages, the method further comprising supplementing the source and destination data with the metadata.
  - 10. A method according to claim 1, wherein the message management system interposed between the sending and destination servers comprises a first SMTP connection to the sending server and a second, distinct SMTP connection to the destination server when the connection attempt is not refused.
  - 11. A method according to claim 1, wherein the message management system interposed between the sending and destination servers comprises an intermediate mail server which intercepts the at least one incoming electronic messages.
  - 12. A method according to claim 11, wherein the intermediate mail server performs the refusing of the SMTP connection attempt from the sending mail server.
  - 13. A method according to claim 11, wherein the intercepting comprises intercepting the at least one incoming electronic message by associating a new delivery address with the original delivery address associated with the at least one incoming electronic message.
  - 14. A method according to claim 1, wherein the destination addresses are in e-mail address format.
  - 15. A method according to claim 14, wherein the invalid destination addresses have the same domain name as the valid destination addresses.
  - 29. A method according to claim 1, wherein the first network is the Internet.
  - 30. A method according to claim 1, wherein the first network is a first local area network and the second network is a second local area network.
  - 31. A method according to claim 1, wherein the second network is associated with an organization.

16. An electronic message management system for use in managing the transmission of electronic messages from sending mail servers to destination mail servers, the system comprising:
- a computer-server-implemented message management system comprising a computer-processor implemented intermediate service located on a first network configured to intercept at least one of the electronic messages between a sending mail server and a destination mail server before the at least one of the electronic messages are received at a second network having the destination mail server, wherein the second network is different from the first network; and
  
  a connection management module associated with the computer-processor implemented intermediate service, the connection management module configured to;
  
  detect a number of the plurality of delivery attempts unsuccessfully made to invalid destination addresses associated with the destination mail server, and refuse an SMTP connection attempt from the sending mail server using the computer-server-implemented message management system and based at least in part on the detected number of delivery attempts unsuccessfully made to the invalid destination addresses.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 32, 33, 34)
- - 17. A system according to claim 16, wherein the detected number of the plurality of delivery attempts made to invalid destination addresses compared to the number of delivery attempts made to valid addresses associated with the destination mail server exceeds a predetermined threshold.
  - 18. A system according to claim 16, wherein the connection management module is further configured to extract source data associated with the sending mail server in order to refuse a connection from the sending mail server.
  - 19. A system according to claim 18, wherein the source data is extracted from at least one of the electronic messages attempted for delivery to an invalid destination address.
  - 20. A system according to claim 19, wherein the source data comprises the source IP address of the sending mail server.
  - 21. A system according to claim 19, wherein the source data comprises domain data based on the sending mail server.
  - 22. A system according to claim 16, further comprising:
    - a data structure associated with the intermediate service for storing the detected number of the plurality of delivery attempts made to invalid destination addresses, the connection management module refusing a connection from the sending mail server using at least information stored in the data structure to determine which messages are likely unsolicited by intended recipients.
  - 23. A system according to claim 16, wherein the detected number of the plurality of delivery attempts made to invalid destination addresses comprises metadata.
  - 24. A system according to claim 23, wherein the data structure comprises a data table mapping source data for the plurality of electronic messages against destination data for the plurality of electronic messages, wherein the connection management module is further configured to supplement the source and destination data with the metadata.
  - 25. A system according to claim 16, wherein the intermediate service is within an intermediate mail server.
  - 26. A system according to claim 16, wherein the intermediate service is configured to intercept the at least one the electronic messages by associating a new delivery address with the original delivery address associated with the at least one electronic message.
  - 27. A system according to claim 16, wherein the destination addresses are in e-mail address format.
  - 28. A system according to claim 27, wherein the invalid destination addresses have the same domain name as the valid destination addresses.
  - 32. A system according to claim 16, wherein the first network is the Internet.
  - 33. A system according to claim 16, wherein the first network is a first local area network and the second network is a second local area network.
  - 34. A system according to claim 16, wherein the second network is associated with an organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Cox, Fred, Akamine, Shinya, Lund, Peter K., Petry, Scott M., Oswall, Michael J.
Primary Examiner(s)
Ismail; Shawki S
Assistant Examiner(s)
SHAW, ROBERT A

Application Number

US11/381,515
Publication Number

US 20060195537A1
Time in Patent Office

1,861 Days
Field of Search

709/206
US Class Current

709/203
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 51/04   Real-time or near real-time...

H04L 63/1408   by monitoring network traff...

Systems and methods for managing directory harvest attacks via electronic messages

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for managing directory harvest attacks via electronic messages

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links